# Tools and Payloads

## Port Scanners

* [Nmap](https://nmap.org/)
* [Masscan](https://github.com/robertdavidgraham/masscan)
* [RustScan](https://github.com/RustScan/RustScan)

## Fuzzers

* [Gobuster/Dirbuster](https://github.com/OJ/gobuster)
* [wfuzz](https://github.com/xmendez/wfuzz)

## Intercepting Proxies

* [BurpSuite](https://portswigger.net/burp)
* [OWASP ZAP](https://owasp.org/www-project-zap/)

## Privilege Escalation

* [Privilege escalation scripts](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/)
* [Linpeas](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/linPEAS)
* [LinEnum](https://github.com/rebootuser/LinEnum)
* [Linux Smart Enumeration](https://github.com/diego-treitos/linux-smart-enumeration)

## Hash crackers

* [John the Ripper](https://www.openwall.com/john/)
* [Hydra](https://tools.kali.org/password-attacks/hydra)
* [Unshadow](http://manpages.ubuntu.com/manpages/xenial/man8/unshadow.8.html) - Password and Shadow files
* [Hashcat](https://hashcat.net/hashcat/)
* Online Tools
  * [CrackStation](https://crackstation.net/)
  * [MD5 Decrypt](https://md5decrypt.net/en/)
  * [Hashkiller](https://hashkiller.io/listmanager)
  * [Online Hash Cracker](https://www.onlinehashcrack.com/)
  * [Hashes](https://hashes.com/en/decrypt/hash)
* Hash Identification Tools
  * Haiti
  * hashid
  * hash-identifier

## Cryptography, Encryption, Encoding & Decoding

* [CyberChef](https://gchq.github.io/CyberChef/)
* [RSA tool](https://github.com/ius/rsatool)
* [RSA CTF Tool](https://github.com/Ganapati/RsaCtfTool)

## Steganography

* [StegHide](http://steghide.sourceforge.net/) (For JPG)
* [Zsteg](https://github.com/zed-0xff/zsteg) (For PNG)
* [ExifTool](https://github.com/exiftool/exiftool) (For Metadata)
* [ExifTool - Web](http://exif.regex.info/exif.cgi)
* [Stegoveritas](https://github.com/bannsec/stegoVeritas) (For JPG and PNG)
* [Sonic Visualiser](https://www.sonicvisualiser.org/download.html) (Spectrogram steganography)
* [Steganography Tools](http://www.jjtc.com/Steganography/tools.html)
* Crack the passphrase for JPG files:
  * [StegCracker](https://github.com/Paradoxis/StegCracker)
  * [Stegseek](https://github.com/RickdeJager/stegseek)

## Zero width Steg

* [Steganographr](https://neatnik.net/steganographr/)
* [Unicode Steganography](https://330k.github.io/misc_tools/unicode_steganography.html)
* [Zero width Fingerprinting](https://github.com/vedhavyas/zwfp)

## Git Related Tools

* [GitHacker](https://github.com/captain-noob/GitHacker)
* [GitHack](https://github.com/captain-noob/GitHack)
* [GitTools](https://github.com/internetwache/GitTools)

## DNS Related Tools

* [DNS - Exfil - Infil](https://github.com/kleosdc/dns-exfil-infil)
* [Iodine - Tunnel IPv4 data through a DNS server](https://code.kryo.se/iodine/)
* [Iodine - Github](https://github.com/yarrick/iodine)

## Printer Hacking Tools

* [PRET - Printer Exploitation](https://github.com/RUB-NDS/PRET)

## OSINT Tools

* [Wigle Net - Wifi OSINT](https://wigle.net/)
* [FFmpeg - To extract audio/images from video](https://ffmpeg.org/)

## Reverse Engineering Tools

* [Radare 2 - Reverse Engineering](https://github.com/radareorg/radare2)
* [Rizin - Reverse Engineering](https://github.com/rizinorg/rizin)
* [ILSpy - .NET disassembly](https://github.com/icsharpcode/ILSpy)
* [Dotpeek - .NET disassembly](https://www.jetbrains.com/decompiler/)

## Packet Analysis Tools

* [Wireshark](https://www.wireshark.org/)
* [Tshark](https://www.wireshark.org/docs/man-pages/tshark.html)

## Buffer Overflow

* [Vulnserver](https://github.com/stephenbradshaw/vulnserver)
* [Immunity Debugger](https://www.immunityinc.com/products/debugger/)
* [Mona.py](https://github.com/corelan/mona)

## Miscellaneous Tools

* Zbar-tools (for extracting QR codes from images with `zbarimg`)
* fcrackzip (for bruteforcing zip file passwords)
* [Chisel - TCP/UDP tunnel](https://github.com/jpillora/chisel)
* [SQLMAP](https://github.com/sqlmapproject/sqlmap)
* [Metasploit](https://www.metasploit.com/)
* [Enum4Linux - SMB Enumeration](https://tools.kali.org/information-gathering/enum4linux)

***

## Payloads & Wordlists

* [Seclists](https://github.com/danielmiessler/SecLists)
* rockyou.txt
* [Payload All the Things](https://github.com/swisskyrepo/PayloadsAllTheThings)
* [SQL Injection Payload List](https://github.com/payloadbox/sql-injection-payload-list)
* [OWASP Cheatsheet](https://github.com/OWASP/CheatSheetSeries)
* [XSS Payload List](https://github.com/payloadbox/xss-payload-list)
* [WordList CTL](https://github.com/BlackArch/wordlistctl)
* Custom WordList Generators
  * [Mentalist](https://github.com/sc0tfree/mentalist)
  * [CeWL](https://github.com/digininja/CeWL)
* Password Dictionary Generators
  * [TTPassGen](https://github.com/tp7309/TTPassGen)
* Lyric based wordlist Generator
  * [Lyricpass](https://github.com/initstring/lyricpass)
* Phone number based wordlist Generator
  * [Pnwgen](https://github.com/toxydose/pnwgen)


